hi
According to Wikipedia , back in the good old days, the nerds at the MIT and Bell Labs, had to figure out how 100's and 1000's of users could share the time on a multi-million dollar mainframes, so they devised the "multi user" operating system called Unix, (which was sort of cloned to mutilple variants of which OSX, Linux, BSD, etc are the current day progressions.
Its great that Android is based off a "Linux OS" however, the smart phones we use today are primarily "single user" devices, we also call them
"personal devices" The guys at MIT/Bell defined a proper 'multi user environment' with proper demarcation between users and ACLs as was the need back in the good old days, I dont believe this applies to the current day smart phone devices.
In the current scenario, of personal devices, we actually have one or may be two users but we have "multiple apps" we need a "multi-app" system with proper ACL demarcation between apps so they can share their data in a controlled manner.
Does any one know of any Android/Tizen/Linux/FirefoxOS or any other PMD OS which does a multi-user+multi-app ACL ?
G
Related
I did have a search on here, but didn't find anything particularly relevant so I'm hoping some people could help me out.
My situation is that I manage the deployment of Android Handsets and Tablets within my company. This process is fairly ad-hoc as in, I order a few handsets at a time, set them up with company software requirements + some desktop shortcuts, and ship them to the specific user.
My problem is that the quantity of devices I'm going to be deploying in the next 12 months will grow significantly, and this job is extremely boring, and costing me in time wasted on a repetitive task that could be much better spent on other things.
So I am looking for tools to help make this process more automated/quicker/simpler.
The crux of my requirements are:
a) install software packages (some from market, some not eg Lotus Notes Traveler)
b) Slight desktop customisations (add some app shortcuts, browser homepage etc) - realistically this is optional, but I thought I'd mention it.
Currently I take care of (a) with a homegrown python script which makes some adb calls.
(b) and (c) are entirely manual, and currently depend in part on the device going out - could be any of HTC Desire/Desire S/Sensation, Motorola Atrix/Defy+/Xoom or Samsung Galaxy Tab 10.1.
I also have to do this *after* having logged in, set up at least one google account + possibly a motoblur account, and enabled USB debugging - is it possible to get adb shell functionality without needing to get into the OS and enable USB Debugging?
Moving to higher level things, I'm open to the idea of paying for dedicated tools to manage this job - eg Google Apps Domain services, or some other Mobile Data Management service (eg silverback mdm).
However, what these tools are geared to is securing a fleet of devices, but don't seem to offer what I'm looking for, which I believe are pretty simple requirements. ie add some arbitrary apps, and make them accessible on the front screen of the device.
I can't imagine that I'm the first person to need to do this, so what are other people doing to ease the management burden?
Hello.
I am here seeking for help and advice on how to approach the development of a security framework (via APP or via hacked Android ROM to be used by kids, that could be monitored by adults (parents or legal tutors).
The idea would be to develop a (white hat) hacked ROM, that would allow the kids to communicate with their friends, but also would allow their parents to supervise/monitor in real time what their children are doing, who are they communicating with and that way protect their children. The thing is not to spy on our kids, but to be able to check regularly if there is anything wrong going on with our kids (mobbing, insults or harassment). Kids aged (10-14) could be influenced by other kids, adults, or adults simulating being kids, and on some occasions they can be tricked to do things without their parents consent/knowledge that can lead to a tricky situation.
When I was a kid, we had the telephone (wired telephone, of course) on the middle of the hallway, so all our conversations were basically family-public. The truth is that there are not many secret things a 10yo kid could/should talk about, but nowadays, it could be a little bit worrying to lend a smartphone to a kid. I think it's just as letting a kid drive a car; he can do it right, or not be able to evaluate the whole consequences of driving a car.
Talking to other parents around me, they all found very interesting the idea of having a telephone that one could lend to their son, having the kid available all the time, and with the peace of mind that you could know what's going on. Of course the kid should be aware of this, and that the telephone comms are being supervised. I think it's no big deal. "Kid, it's very simple. The telephone is mine, and if you want to use it you have to use it under my terms".
Probably, all of us working for a company, have also our communications supervised, cannot make personal phonecalls with the company's telephones, probably cannot navigate to webs looking for personal content, and we asume those rules (because neither the company's phones nor the computers are ours but our company's). It's basically the same, switching the company-employee role to a father-son one.
So, let's get to the point (technically). I am a tech-geek, linux pro-user, have compiled a few ROMs just for personal use, but don't feel capable enough of starting a project of these magnitude alone. If there is anyone willing to help, opine, or whatever, will be very welcome.
First of all, APP or ROM? I basically think that the ROM is the way to go, but I'm asking just in case someone can convince me on the contrary. I will make a poll on this question.
APP An APP could be easily downloaded and installed but would require a rooted phone, and I don't see it clearly if an APP could resolve all the needed issues (access to communications for example) and could be fairly easily uninstalled too.
ROM On the other hand, a ROM would be trickier to uninstall (basically flashing another ROM) but wouldn't be as easy to install as an APP (though the installer model of cyanogenmod could be kind of a solution). There could be an universal (if possible) independent flashable module, over whatever android ROM, or an entire ROM solution.
Features that I want to develop in this ROM (by the way, I call it 'Vigilante ROM'):
Suitable for as many devices as possible
Web interface for parents available to see device-related information
Some hack-proof measures to avoid kids bypassing the ROM's security
Alerts triggered on some events (offensive words, whatever)
Position of the mobile -just in case-
Suitable for as many devices as possible
The first thing I though was what platform should be used for this ROM. To select Android over others (iOS, Blackberry, W7) was a no-brainer. Now, the question is should we use pure Android or make a CyanogenMod fork?
In my opinion, even though every phone maker has to supply their ROM sources publicly, they usually introduce so many modifications (HTC Sense, Samsung Touchwizz and so on) that it looks more difficult to develop a common security framework over each manufacturer's version of Android, rather than using a more standardized one like CyanogenMod.
CyanogenMod already works with a wide number of devices (and a wider one if you count the unofficial supported devices), I think CyanogenMod should be the base of this ROM. If all the 'things' needed could be flash on top of any Android device, would be even better, but technically I need help with this one.
I understand that basically there should be an internal proxy setup, so that all the communications go through this internal proxy, and based on the kind of communication, we could log whatever we need. For example:
Visited URLs
Whatsapp or other messaging apps should be decrypted
Incoming/Outgoing calls/SMS
Social network activity
I know the Whatsapp protocol because I'm familiar with a project called WhatAPI. The key point to be able to intercept whatsapp messaging is a key generated and exchanged during the app install (although there are ways to later ask the Whatsapp server to renegotiate this keyword) and that's used later to encrypt all the messages between the phone and the whatsapp server.
Web interface for parents available to see device-related information
Behind every kid with a smartphone there should be a responsible adult supervising the kid -even if it's remotely-. In my idea, logs of messaging activity, incoming/outgoing calls/SMS and even the position should be available to the supervisor through a web interface.
Some hack-proof measures to avoid kids bypassing the ROM's security
That's an easy one. CRC checks on some keyfiles would guarantee that the device is not being 'counter-hacked'. Some kids are also very techie, and we should make some defences against kids trying to hack (counter-hack?) the phone.
Alerts triggered on some events (offensive words, whatever)
It could be interesting if somehow the supervisor could receive a notification whenever the kid sends/receives and offensive word, or tries to enter some special tagged website.
Hi, after postponing for many years my phone finally snapped beyond logic (has an infinite system popup spam with "unfortunately x service has stopped working", with options like 'Wait' and 'Ok') and I thought this could be a good opportunity to try a custom ROM (since it was running too slow and Android was limiting resources too much, even before any of this). My phone uses Android 4.2.2 (Jelly Bean), I thought that alone was enough, but I just happened to see that it also has to match the device model... and after visiting all custom ROM websites, it seems that there's no support at all for this phone, which is utterly frustrating.
So, as a leap of faith, I'm asking here if there's any ROM known for being widely compatible that isn't indexed in search engines.
Wikipedia named some that have their websites down (or maybe the list is outdated).
Though it's not my first time installating OS in desktop devices (and laptops), I'm still entirely new in the actual android/mobile customization world.
Still waiting for a response.
waiting for a response x2
i have the same device. its possible to do something if you have knowledge about doing a kernel or modify some things man, i never find a rom for that but i can say..... uwu maybe a simple system apk modifications or deleting it......if your objetive is videogames you could delete all thrash things and have only the system essentials services to use more smothly.
OK here's a question for all you android-heads: How to get rid of it ???
Android was originally developed as open source but then Google 'bought it' and converted it to a proprietory system which requires a Google 'account' which colates and tracks personal info across devices and systems. Huawei may finally give us a way out of the Yank back-end snooping problem but that can only be defeated by getting rid of the American OS (Android and IOS) which steal and pass all data directly to American authorities and companies. What happened to privacy ???
Sailfish, Ubuntu touch and Tizen may be useful but it would be infinitely better if we could install our own Linux versions and take back control.
The 'newspeak' labelled "Smartphones' remind me of the old 8088 computers from the 1980's that could hardly be used as they were so basic. "Smartphones' are so very very basic that you cannot even access the root to install your own OS and software. Surely someone can link the ideals of the Rapberry Pi to the advanced hardware of the "Smartphone" to get a device that can actually be used normaly ! THAT will be the day! Oh and by the way - in Australia there existed "Communicators" - just like a "Smartphone", but without Sim cards, using only wi-fi and telephony with mVoIP (but that didn't give billions of $' to the phone companies...) We seem to be going backwards technologically Over and out....
Update 22.12.2019:
A new (really) open source Linux phone has just been announced - the Pine-Phone which can run any Linux system. Details at fossmint pinephone-an-open-source-smartphone-for-linux
Install Armbian if it's kernel supported hardware that you can build a map for. Otherwise there isn't really an option, irritating as that is.
Hi All, I used to play around with SSL certs and openssl and all that stuff... so I have a bit of knowledge on the topic but am by no means an expert... please give me a bit of leeway if I misspeak...
I have a Nexus 10 that I still like and that I still use.... yes I'm a cheapskate! It runs Android 5.1.1... my Nexus 6 (yes I still use that one too!) runs Android 7.1.1. That fact will be made relevant below... There are a lot of us cheapskates around and we do like to extend the life of our stuff for as long as possible.
The Question: If I have an OLD android device trying to connect to a website with a browser... or trying use an app against a server with a cert that is signed by a CA that my truststore does not have, in principle, all I need to do is get that CA installed (yes/no/maybe?)
The Reason I ask:
So I saw an Android Police item today: "Many websites will stop working on older android versions in 2021" This story says that thanks to the fact that "Let's Encrypt" will stop cross signing their certificates with the DST CA X3 certificate... Evidently any device running 7.1 or earlier will start having issues. The DST cert has been around for some time... but "Let's Encrypt" has their "ISRG Root X1" CA. According to the AP article, this "cross-signing" made it possible for devices on Android 7.1 or earlier to connect to SSL-enabled sites. After January 2021 they are NOT going to do this anymore so your chrome brower (which unlike FireFox does not have capability to use a separate truststore) will not work with some websites... and of course this has ramifications for apps that rely on ssl as well.
So again, my question is, assuming the apps I have use the basic device's trust store, shouldn't I just have to install the ISRG Root X1 into my device's truststore and I can then be fat, dumb, and happy again? My limited knowledge on SSL suggests the answer is "yes that would work" but I'm not sure (of much!) these days.